Hírolvasó

Andrew 'bunnie' Huang introduces PDDB, a database meant to allow users to (plausibly) deny the existence of specific data within it.

Precursor is a device we designed to keep secrets, such as passwords, wallets, authentication tokens, contacts and text messages. We also want it to offer plausible deniability in the face of an attacker that has unlimited access to a physical device, including its root keys, and a set of “broadly known to exist” passwords, such as the screen unlock password and the update signing password. We further assume that an attacker can take a full, low-level snapshot of the entire contents of the FLASH memory, including memory marked as reserved or erased. Finally, we assume that a device, in the worst case, may be subject to repeated, intrusive inspections of this nature.

We created the PDDB (Plausibly Deniable DataBase) to address this threat scenario.

Andrew 'bunnie' Huang introduces PDDB, a database meant to allow users to (plausibly) deny the existence of specific data within it.

Precursor is a device we designed to keep secrets, such as passwords, wallets, authentication tokens, contacts and text messages. We also want it to offer plausible deniability in the face of an attacker that has unlimited access to a physical device, including its root keys, and a set of “broadly known to exist” passwords, such as the screen unlock password and the update signing password. We further assume that an attacker can take a full, low-level snapshot of the entire contents of the FLASH memory, including memory marked as reserved or erased. Finally, we assume that a device, in the worst case, may be subject to repeated, intrusive inspections of this nature.

We created the PDDB (Plausibly Deniable DataBase) to address this threat scenario.

Security updates have been issued by CentOS (log4j), Debian (chromium, xterm, and zabbix), Fedora (kate, lua, and podman), Oracle (aide and log4j), and SUSE (xen).

Security updates have been issued by CentOS (log4j), Debian (chromium, xterm, and zabbix), Fedora (kate, lua, and podman), Oracle (aide and log4j), and SUSE (xen).

Version 4.1.0 of the secure-desktop-oriented Qubes OS distribution has been released. "The culmination of years of development, this release brings a host of new features, major improvements, and numerous bug fixes". New features an experimental GUI domain separate from dom0, the "Qrexec" policy system, progress toward a reproducible build, and more. See below and this article for more information.

Digital photography opens up a whole new world of photo postprocessing opportunities, especially if the photographer uses their camera's raw format to take advantage of all of the data collected by the sensor. On the other hand, using raw images means doing without all of the processing done by the camera and taking on a range of complex tasks. Raw photo editors are designed to work with raw images as a key part of a photographer's workflow. Your editor recently reviewed the darktable editor, but there are other options available in the free-software community. RawTherapee is a GPLv3-licensed raw editor that is in some ways simpler than darktable — but that is not the same as saying that it is simple.

Security updates have been issued by Debian (ldns and libphp-adodb), Fedora (kernel, kernel-headers, kernel-tools, mingw-binutils, mingw-openexr, mingw-python3, mingw-qt5-qtsvg, scap-security-guide, stratisd, util-linux, and webkit2gtk3), Mageia (lrzsz, qtwebengine5, and xterm), openSUSE (chromium), and Ubuntu (python-django).

The 5.17-rc3 kernel prepatch is out for testing. Linus says: "Things look fairly normal so far, with a pretty average number of commits for an rc3 release".

The 5.16.6, 5.15.20, 5.10.97, and 5.4.177 stable kernel updates have been released. Unfortunately, a problem was reported almost immediately after that release, leading to the reversion of a broken patch and the subsequent release of 5.16.7, 5.15.21, and 5.10.98. It's worth noting that numerous groups tested the first set of releases and reported successful results (they can be seen as replies to the -rc1 posting), but nobody hit this problem in time.

We are pleased to announce the call for papers (cfp) for microconferences at the Linux Plumbers Conference (LPC) 2022.

LPC 2022 is currently planned to take place in Dublin, Ireland from 12 September to 14 September. For details about the location, co-location with other events see our website and social media for updates.

We do hope that LPC 2022 will be mainly an in-person event. Ideally, microconference runners should be willing and able to attend in person.

As the name suggests, LPC is concerned with Linux plumbing encompassing topics from kernel and userspace. A microconference is a set of sessions organized around a particular topic. The topic can be a kernel subsystem or a specific problem area in either kernel or userspace.

A microconference is supposed to be research and development in action and an abstract for a microconference should be thought of as a set of research questions and problem statements.

The sessions in each microconference are expected to address specific problems and should generate new ideas, solutions, and patches. Sessions should be focussed on discussion. Presentations should always aim to aid or kick off a discussion. If your presentation feels like a talk we would recommend to consider submitting to the LPC refereed track.

In past years microconferences were organized around topics such as security, scalability, energy efficiency, toolchains, containers, printing, system boot, Android, scheduling, filesystems, tracing, or real-time. The LPC microconference track is open to a wide variety of topics as long as it is focussed, concerned with interesting problems, and is related to open source and the wider Linux ecosystem. We are happy about a wide range of topics!

A microconference submission should outline the overall topic and list key people and problems which can be discussed. The list of problems and specific topics in a microconference can be continously updated until fairly late. This will allow microconferences to cover topics that pop up after submission and to address new developments or problems.

Microconferences that have been at previous LPCs should list results and accomplishments in the submission and should make sure to cover follow-up work and new topics.

After a microconference has been accepted, microconference organizers are expected to write a short blogpost for the LPC website to announce and advertise their topic.

Version 1.20.0 of the GStreamer multimedia system is out. Changes include a new high-level playback library replacing GstPlayer, decoding support for WebM Alpha, updated Rust bindings, and more; see the announcement for lots of details.

Loading a BPF program into the kernel involves a lot of steps, including verification, permissions checking, linking to in-kernel helper functions, and compilation to the native instruction format. Underneath all of that, though, lies one other simple task: allocating some memory to store the compiled BPF program in the kernel's address space. It turns out that this allocation can be somewhat wasteful of memory in current kernels, especially on systems where large numbers of BPF programs are loaded. This patch set from Song Liu seeks to remedy this problem by introducing yet another specialized memory allocator into the kernel.

Security updates have been issued by Debian (apng2gif, ruby2.5, ruby2.7, and strongswan), Fedora (389-ds-base, glibc, java-latest-openjdk, keylime, mingw-python-pillow, perl-Image-ExifTool, python-pillow, rust-afterburn, rust-askalono-cli, rust-below, rust-cargo-c, rust-cargo-insta, rust-fd-find, rust-lsd, rust-oxipng, rust-python-launcher, rust-ripgrep, rust-skim, rust-thread_local, rust-tokei, strongswan, vim, xen, and zola), Mageia (cryptsetup and expat), openSUSE (containerd, docker, glibc, and xen), Oracle (firefox, thunderbird, varnish:6, and vim), Red Hat (rh-maven36-log4j12 and varnish:6), SUSE (containerd, docker, glibc, samba, and xen), and Ubuntu (gdisk, graphviz, libdbi-perl, and mysql-5.7).

Version 15 of the venerable Slackware distribution has been released.

The challenge this time around was to adopt as much of the good stuff out there as we could without changing the character of the operating system. Keep it familiar, but make it modern. And boy did we have our work cut out for us. We adopted PAM (finally) as projects we needed dropped support for pure shadow passwords. We switched from ConsoleKit2 to elogind, making it much easier to support software that targets that Other Init System and bringing us up-to-date with the XDG standards. We added support for PipeWire as an alternate to PulseAudio, and for Wayland sessions in addition to X11.

A bit more information can be found in the release notes. Many of us got our start with Slackware; it is good to see that it's still out there and true to form.

Version 2.35 of the GNU C Library has been released. New features include Unicode 14.0.0 support, support for the C.UTF-8 locale, a bunch of new math functions, support for restartable sequences, and much more; see the announcement for details.

Persistent memory has a number of advantages; it is fast, CPU-addressable, available in large quantities and, of course, persistent. But it also, arguably, poses a higher risk of suffering corruption as a result of bugs in the kernel. Protecting against this possibility is the objective of this patch set from Ira Weiny, which makes use of Intel's "protection keys supervisor" (PKS) feature to make it harder for the kernel to inadvertently write to persistent memory.

With a more lengthy than usual message, Greg Kroah-Hartman has released the 4.4.302 stable kernel; it will be the last from the stable kernel team in the 4.4.x series. "Do not use it anymore unless you really know what you are doing." He notes that the Civil Infrastructure Platform (CIP) project is considering maintaining 4.4 into the future; those interested should contact CIP. He also added some statistics showing a nearly six-year lifetime for the branch with 8.44 changes per day from over 3500 developers. It was a good kernel branch, helped out by many to work as well as it has, thanks to all for your help with this. It has powered many millions, maybe a few billion, devices out in the world, but now it's time to say good-bye.

Security updates have been issued by Debian (librecad), Fedora (flatpak, flatpak-builder, and glibc), Mageia (chromium-browser-stable, connman, libtiff, and rust), openSUSE (lighttpd), Oracle (cryptsetup, nodejs:14, and rpm), Red Hat (varnish:6), SUSE (kernel and unbound), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-aws-5.13, linux-gcp, linux-gcp-5.11, linux-hwe-5.13, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux-gke, linux-gke-5.4, mysql-5.7, mysql-8.0, python-django, and samba).

The LWN.net Weekly Edition for February 3, 2022 is available.

Was enjoying my Prusa i3S for a few months, but had to use my Lulzbot Mini today, and it was something else.

In the past, I used the cura-lulzbot package. It went through difficult times, with a Russian take-over and Qtfication. But I persisted in suffering, because, well, it was turnkey and I was a complete novice.

So, I went to install Cura on Fedora 35, and found that package cura-lulzbot is gone. Probably failed to build, and with spot no longer at Red Hat, nobody was motivated enough to keep it going.

The "cura" package is the Ultimaker Cura. It's an absolute dumpster fire of pretend open source. Tons of plug-ins, but basic materials are missing. I print in BASF Ultrafuse ABS, but the nearest available material is the PC/ABS mix.

The material problem is fixable with configuration, but a more serious problem is that UI is absolutely bonkers with crazy flashing - and it does not work. They have menus that cannot be reached: as I move cursor into a submenu, it disappears. Something seriously broken in Qt on F35.

BTW, OpenSCAD suffers from incorrect refresh too on F35. It's super annoying, but at least it works, mostly.

Fortunately, "dnf remove cura" also removes 743 trash packages that it pulls in.

Then, I installed Slic3r, and that turned out to be pretty dope. It's a well put together package, and it has a graphical UI nowadays, operation of which is mostly bug-free and makes sense.

However, my first print popped off. As it turned out, Lulzbot requires the initial sequence that auto-levels it, and I missed that. I could extract it from my old dot files, but in the end I downloaded a settings package from Lulzbot website.